Date: Sat, 28 Apr 2018 14:53:46 +0200 From: "Peter G." <freebsd@disroot.org> To: grarpamp@gmail.com, freebsd-security@freebsd.org Cc: freebsd-hackers@freebsd.org, freebsd-questions@freebsd.org Subject: Re: Exploit Lecture: Writing FreeBSD Malware Message-ID: <e4d9c81d-5d08-572d-7252-36929d050d02@disroot.org> In-Reply-To: <CAD2Ti28qjyTsiGggPRNSqLFynrC6rTkVXLi2yuVz6pt4Yj_vuw@mail.gmail.com> References: <CAD2Ti28qjyTsiGggPRNSqLFynrC6rTkVXLi2yuVz6pt4Yj_vuw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Webb, next time when talking to any audience, remove your fucking hat. That's basic human courtesy. -- PG On 28/04/2018 04:39, grarpamp wrote: > https://www.youtube.com/watch?v=bT_k06Xg-BE > > Without exploit mitigations and with an insecure-by-default design, > writing malware for FreeBSD is a fun task, taking us back to 1999-era > Linux exploit authorship. Several members of FreeBSD's development > team have claimed that Capsicum, a capabilities/sandboxing framework, > prevents exploitation of applications. Our in-depth analysis of the > topics below will show that in order to be effective, applying > Capsicum to existing complex codebases lends itself to wrapper-style > sandboxing. Wrapper-style sandbox is a technique whereby privileged > operations get wrapped and passed to a segregated process, which > performs the operation on behalf of the capsicumized process. With a > new libhijack payload, we will demonstrate that wrapper-style > sandboxing requires ASLR and CFI for effectiveness. FreeBSD supports > neither ASLR nor CFI. Tying into the wrapper-style Capsicum defeat, > we'll talk about advances being made with libhijack, a tool announced > at Thotcon 0x4. The payload developed in the Capsicum discussion will > be used with libhijack, thus making it easy to extend. We will also > learn the Mandatory Access Control (MAC) framework in FreeBSD. The MAC > framework places hooks into several key places in the kernel. We'll > learn how to abuse the MAC framework for writing efficient rootkits. > Attendees of this presentation should walk away with the knowledge to > skillfully and artfully write offensive code targeting both the > FreeBSD userland and the kernel. > > https://twitter.com/lattera/status/989602709950029824 > > Shawn Webb is a cofounder of HardenedBSD, a hardened downstream > distribution of FreeBSD. With over a decade in infosec, he dabbles in > both the offensive and defensive aspects of the industry. On the > advisory board for Emerald Onion, Shawn believes in a more free and > open Internet. His whole house is wired for Tor. Getting on the Tor > network is only a network jack away!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?e4d9c81d-5d08-572d-7252-36929d050d02>